diff --git a/config/config.exs b/config/config.exs
index f7366a52a..e42f3ccda 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -399,7 +399,7 @@ config :sentry,
   dsn: "",
   environment_name: Mix.env(),
   enable_source_code_context: true,
-  root_source_code_paths: [File.cwd!()]
+  root_source_code_paths: ["/build/source"]
 
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
diff --git a/flake.nix b/flake.nix
index 9b8096741..d3f33a6c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -90,8 +90,22 @@
             };
         });
 
+      overlays.default = final: prev: {
+        inherit (self.packages."${prev.system}") mobilizon;
+      };
+
       checks = forAllSystems (system: {
         inherit (self.packages.${system}) mobilizon update;
+        nixosTest =
+          let
+            pkgsMobilizon = import nixpkgs {
+              inherit system;
+              overlays = [ self.overlays.default ];
+            };
+            certs = import "${nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix";
+            test = import ./nixos-test.nix { inherit certs; };
+          in
+          pkgsMobilizon.nixosTest test;
       });
 
       lib = {
diff --git a/nixos-test.nix b/nixos-test.nix
new file mode 100644
index 000000000..97e27f340
--- /dev/null
+++ b/nixos-test.nix
@@ -0,0 +1,46 @@
+{ certs }:
+{ lib, ... }:
+let
+  mobilizonDomain = certs.domain;
+  port = 41395;
+in
+
+{
+  name = "mobilizon";
+  meta.maintainers = with lib.maintainers; [ minijackson erictapen ];
+
+  nodes.server =
+    { pkgs, ... }:
+    {
+      services.mobilizon = {
+        enable = true;
+        settings = {
+          ":mobilizon" = {
+            ":instance" = {
+              name = "Test Mobilizon";
+              hostname = mobilizonDomain;
+            };
+            "Mobilizon.Web.Endpoint".http.port = port;
+          };
+        };
+      };
+
+      services.postgresql.package = pkgs.postgresql_14;
+
+      security.pki.certificateFiles = [ certs.ca.cert ];
+
+      services.nginx.virtualHosts."${mobilizonDomain}" = {
+        enableACME = lib.mkForce false;
+        sslCertificate = certs.${mobilizonDomain}.cert;
+        sslCertificateKey = certs.${mobilizonDomain}.key;
+      };
+
+      networking.hosts."::1" = [ mobilizonDomain ];
+    };
+
+  testScript = ''
+    server.wait_for_unit("mobilizon.service")
+    server.wait_for_open_port(${toString port})
+    server.succeed("curl --fail https://${mobilizonDomain}/")
+  '';
+}